Nov 08 2018

Why Retailers Must Prioritize Cybersecurity in the Mobile Era

As consumers increasingly opt for mobile experiences, hackers continue to adjust their strategies to take advantage of the shift.

By 2025, 60 percent of U.S. consumers believe that the average shopper will carry a phone but no physical wallet, according to data published by consumer financial services company Synchrony. What’s more, 67 percent of respondents to the Synchrony Retailer Survey said that they’ve downloaded a retailer’s application, findings that are indicative of a culture dominated by use of mobile devices, particularly smartphones.

At the same time, a report published by ThreatMetrix finds that one-third of all fraud now targets mobile channels. In the first half of 2018 alone, mobile attack rates increased 24 percent compared with 2017, according to the report.

“Mobile is quickly becoming the predominant way people access online goods and services, and as a result, organizations need to anticipate that the barrage of mobile attacks will only increase,” noted LexisNexis Risk Solutions Chief Identity Officer Alisdair Faulkner.

MORE FROM BIZTECH: Discover four ways to defend against POS malware!

Retailers Face Distinctive Challenges for Mobile Security

Increasingly, retailers must focus on how to keep their mobile customers safe from growing cyberthreats. According to the Verizon Mobile Security Index 2018 Report, 82 percent of retail and hospitality professionals surveyed said mobile devices are a risk, with 22 percent of respondents calling that risk significant, in large part due to the temporary nature of many in the workforce.

“Retail and hospitality companies face distinctive challenges when it comes to mobile security,” the report states. “Many of them have large numbers of employees, often employed on part-time or seasonal contracts. These employees may not take security precautions as seriously as full-time or permanent employees.”

Still, the report also finds that nearly 90 percent of enterprises surveyed have only one of four basic mobile security measures (changing all default passwords; encrypting data sent over public networks; restricting access on a need-to-know basis, regularly testing security systems) in place; conversely, only 1 in 7 companies had all four practices in place.

Mobile Payment Providers Are Taking Appropriate Measures

For their part, mobile payment providers have ensured that their services are just as secure as other forms of payment, CDW’s Scott Schulman writes in a blog post. Their solutions use tokenization — a process that involves replacing one sensitive data element with a nonsensitive element, or token — to replace credit card numbers. What’s more, he writes, “none of the major mobile payment options work unless a device’s screen-locking capability is enabled and the device is unlocked when the payment occurs, or unless the user’s identity is confirmed through biometric authentication, making it difficult for a thief to pay for purchases with someone else’s phone.”

However retailers still must shoulder some of the security load by reviewing their susceptibility to data breaches and taking steps to ensure that the solutions they deploy are secure, writes Susannah Magers of employee communication app developer Beekeeper in a blog post on

Additionally, “retail workforces need to be familiar with navigating mobile technology to be adept at handling mobile payments,” she notes.


zoranm/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.